
gdk-pixbuf2.0-2.36.10-1.2.mga6.src.rpm

diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
index 924d3d1..3abf140 100644
--- a/gdk-pixbuf/io-ico.c
+++ b/gdk-pixbuf/io-ico.c
@@ -318,10 +318,7 @@ static void DecodeHeader(guchar *Data, gint Bytes,
 	for (l = State->entries; l != NULL; l = g_list_next (l)) {
 		entry = l->data;
 
-		/* We know how many bytes are in the "header" part. */
-		State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
-
-		if (State->HeaderSize < 0) {
+		if (entry->DIBoffset > G_MAXINT - 40) {
 			g_set_error (error,
 			             GDK_PIXBUF_ERROR,
 			             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
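Review bot: The new guard rejects only offsets that are too large, while the removed `State->HeaderSize < 0` test also caught a sum that was negative because `entry->DIBoffset` was itself negative. The type of `DIBoffset` and any earlier validation of it are outside this hunk, so this may already be covered. If it is a signed `gint` filled from file data, the guard should bound both ends: `if (entry->DIBoffset < 0 || entry->DIBoffset > G_MAXINT - 40) {`. Otherwise a negative `HeaderSize` would skip the `HeaderSize>BytesInHeaderBuf` growth path in the next hunk and leave the buffer at its old size. DecodeHeader's body starts and ends outside the hunk.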
@@ -329,6 +326,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
 			return;
 		}
 
+		/* We know how many bytes are in the "header" part. */
+		State->HeaderSize = entry->DIBoffset + 40;
+
 		if (State->HeaderSize>State->BytesInHeaderBuf) {
 			guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
 			if (!tmp) {
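Review bot: The added assignment uses the bare literal `40` where the removed line used `INFOHEADER_SIZE`, and the overflow guard in the previous hunk repeats the same literal. The guard is only correct while both numbers match, so a named constant keeps them from drifting apart. If `INFOHEADER_SIZE` is still defined in this tree (not visible here), I would write `State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;` and `G_MAXINT - INFOHEADER_SIZE` in the guard. Failing that, add a comment on the guard such as `/* 40 == size of the bitmap info header that follows DIBoffset */`. The realloc error path continues past the end of the hunk.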